Update fails for me on hardened system: [ebuild U ~] www-client/firefox-51.0::gentoo [50.1.0-r1::gentoo] USE="dbus hardened jemalloc skia wifi -bindist -custom-cflags -custom-optimization -debug (-gmp-autoupdate) -gtk2 -hwaccel* -jack (-neon) -pgo -pulseaudio (-rust) (-selinux) -startup-notification (-system-cairo) -system-harfbuzz -system-icu -system-jpeg -system-libevent -system-libvpx -system-sqlite {-test} (-jit%)" L10N="de -ach -af -an -ar -as -ast -az -bg -bn-BD -bn-IN -br -bs -ca -cak -cs -cy -da -dsb -el -en-GB -en-ZA -eo -es-AR -es-CL -es-ES -es-MX -et -eu -fa -ff -fi -fr -fy -ga -gd -gl -gn -gu -he -hi -hr -hsb -hu -hy -id -is -it -ja -ka% -kk -km -kn -ko -lij -lt -lv -mai -mk -ml -mr -ms -nb -nl -nn -or -pa -pl -pt-BR -pt-PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv -ta -te -th -tr -uk -uz -vi -xh -zh-CN -zh-TW (-be%)" 0 KiB checking for x86 AVX2 asm support in compiler... yes checking for PIE support... no configure: error: --enable-pie requires PIE support from the linker. DEBUG: <truncated - see config.log for full output> DEBUG: configure:5344: checking if toolchain supports -mssse3 option DEBUG: configure:5356: /usr/bin/x86_64-pc-linux-gnu-gcc -std=gnu99 -c -march=corei7 -pipe -fno-strict-aliasing -mssse3 conftest.c 1>&5 DEBUG: configure:5371: checking if toolchain supports -msse4.1 option DEBUG: configure:5383: /usr/bin/x86_64-pc-linux-gnu-gcc -std=gnu99 -c -march=corei7 -pipe -fno-strict-aliasing -msse4.1 conftest.c 1>&5 DEBUG: configure:5399: checking for x86 AVX2 asm support in compiler DEBUG: configure:5408: /usr/bin/x86_64-pc-linux-gnu-gcc -std=gnu99 -c -march=corei7 -pipe -fno-strict-aliasing conftest.c 1>&5 DEBUG: configure:6470: checking for PIE support DEBUG: configure:6481: /usr/bin/x86_64-pc-linux-gnu-gcc -std=gnu99 -o conftest -march=corei7 -pipe -fno-strict-aliasing -fno-math-errno -Wl,-O1 -Wl,--as-needed -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags -Wl,-z,relro,-z,now -Wl,-z,noexecstack -Wl,-z,text -pie conftest.c 1>&5 DEBUG: /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/www-client/firefox-51.0/temp/ccg8UNFC.o: warning: relocation against `__stack_chk_fail@@GLIBC_2.4' in readonly section `.text'. DEBUG: /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/www-client/firefox-51.0/temp/ccg8UNFC.o: relocation R_X86_64_PC32 against undefined symbol `__stack_chk_fail@@GLIBC_2.4' can not be used when making a shared object; recompile with -fPIC DEBUG: /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Bad value DEBUG: collect2: error: ld returned 1 exit status DEBUG: configure: failed program was: DEBUG: #line 6474 "configure" DEBUG: #include "confdefs.h" DEBUG: DEBUG: int main() { DEBUG: DEBUG: ; return 0; } DEBUG: configure: error: --enable-pie requires PIE support from the linker. ERROR: old-configure failed *** Fix above errors and then restart with\ "make -f client.mk build" make: *** [client.mk:377: configure] Error 1
emerge --info Portage 2.3.3 (python 2.7.12-final-0, hardened/linux/amd64, gcc-4.9.4, glibc-2.23-r3, 4.7.10-hardened x86_64) ================================================================= System uname: Linux-4.7.10-hardened-x86_64-Intel-R-_Core-TM-_i7-2630QM_CPU_@_2.00GHz-with-gentoo-2.3 KiB Mem: 20537016 total, 454732 free KiB Swap: 0 total, 0 free sh bash 4.3_p48-r1 ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1 app-shells/bash: 4.3_p48-r1::gentoo dev-java/java-config: 2.2.0-r3::gentoo dev-lang/perl: 5.22.3_rc4::gentoo dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo dev-util/cmake: 3.7.2::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.3::gentoo sys-apps/openrc: 0.22.4::gentoo sys-apps/sandbox: 2.10-r1::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69::gentoo sys-devel/automake: 1.11.6-r1::gentoo, 1.12.6::gentoo, 1.14.1::gentoo, 1.15::gentoo sys-devel/binutils: 2.25.1-r1::gentoo sys-devel/gcc: 4.9.4::gentoo sys-devel/gcc-config: 1.7.3::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.23-r3::gentoo Repositories: gentoo location: /mnt/sda7/portage sync-type: git sync-uri: https://anongit.gentoo.org/git/repo/gentoo.git priority: -1000 steam-overlay location: /var/lib/layman/steam-overlay masters: gentoo priority: 0 mylocal location: /usr/local/portage masters: gentoo priority: 1 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=corei7 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /usr/share/themes/oxygen-gtk/gtk-3.0" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=corei7 -O2 -pipe" DISTDIR="/mnt/sdb1/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="de_DE.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac aacs acl acpi alsa amd64 amr berkdb bluetooth bluray btrfs bzip2 cdda cddb cec chipcard clamav cli color-management consolekit cracklib crypt cryptsetup css cups cxx dbus declarative device-mapper djvu dmraid dri dts dvb dvd ebook encode epub exif ext4 f2fs faac fat ffmpeg flac fuse gdbm geoip gif gimp glamor google googledrive gpg gphoto2 gpm hardened hbci http2 iconv id3tag infinality ipv6 jfs joystick jpeg justify kde kipi ladspa lame lcms lensfun libsamplerate lirc lm_sensors lvm lz4 lzma mad matroska mdadm mjpeg mmx mng mobi modemmanager modules mp3 mpeg mtp multilib mysql ncurses networkmanager nfs nls nptl ntfs nvenc ogg opencl opengl openmp opus pam pax_kernel pcre pdf phonon pie plasma plymouth pm-utils png policykit postscript ppp pvr qml qt3support qt5 rar raw rdesktop rdp readline reiser4 reiserfs s3tc samba scanner seccomp semantic-desktop session sftp share smartcard smp sndfile sox squashfs sse sse2 ssl ssp svg tcpd tiff truetype twolame udev unicode upnp urandom usb v4l vaapi vcd vdpau vnc vorbis vpx webp widgets wifi wps x264 x265 xattr xcb xcomposite xfs xinerama xkb xscreensaver xtpax xv xvid xvmc zeroconf zlib" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_EXPERIMENTAL_FEATURES="braindump stage" CALLIGRA_FEATURES="karbon plan sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard joystick mouse synaptics" KERNEL="linux" L10N="de en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="nlpsolver" LINGUAS="de en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby21" USERLAND="GNU" VIDEO_CARDS="virtualbox intel i965 fbdev vesa nouveau nvidia radeon radeonsi amdgpu dummy" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" USE_PYTHON="2.7" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 461540 [details] build.log
I too have run into this on hardened.
I added -fPIC to the global cflags, and the build has progressed (so far), but based on the PIC hardened gentoo handbook entry, I'm not sure that is desirable.
I'm seeing the same error on three different hardened systems. Portage 2.3.3 (python 3.4.5-final-0, hardened/linux/amd64, gcc-5.4.0, glibc-2.23-r3, 4.8.17-hardened-r2 x86_64) ================================================================= System uname: Linux-4.8.17-hardened-r2-x86_64-Intel-R-_Core-TM-_i7-6700K_CPU_@_4.00GHz-with-gentoo-2.3 KiB Mem: 65913112 total, 1984616 free KiB Swap: 67043324 total, 67043324 free Timestamp of repository gentoo: Thu, 26 Jan 2017 23:00:01 +0000 sh bash 4.4_p11 ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1 app-shells/bash: 4.4_p11::gentoo dev-lang/perl: 5.24.1_rc4::gentoo dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo dev-util/cmake: 3.7.2::gentoo dev-util/pkgconfig: 0.29.1::gentoo sys-apps/baselayout: 2.3::gentoo sys-apps/openrc: 0.23.1::gentoo sys-apps/sandbox: 2.10-r3::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo sys-devel/automake: 1.12.6-r1::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.25.1-r1::gentoo, 2.26.1::gentoo, 2.27::gentoo sys-devel/gcc: 5.4.0-r2::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.9::gentoo (virtual/os-headers) sys-libs/glibc: 2.23-r3::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-extra-opts: --timeout=10 --ipv6 creideiki location: /usr/local/portage masters: gentoo priority: 0 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe -ggdb" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe -ggdb" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--alphabetical --keep-going --quiet-build=n --backtrack=30 --verbose-conflicts" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs buildpkg compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j8" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--timeout=10 --ipv6" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X acl amd64 berkdb bzip2 cli cracklib crypt cxx dri emacs gdbm hardened iconv idn ipv6 justify latex modules multilib ncurses nls nptl openmp pam pax_kernel pcre pie readline seccomp session ssl ssp tcpd unicode urandom xattr xtpax zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en en-US en-GB sv" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="x86_64" RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, USE_PYTHON ================================================================= Package Settings ================================================================= www-client/firefox-50.1.0-r1::gentoo was built with the following: USE="-bindist -custom-cflags -custom-optimization -dbus -debug (-gmp-autoupdate) -gtk2 hardened hwaccel -jack jemalloc -jit (-neon) -pgo -pulseaudio (-selinux) skia -startup-notification (-system-cairo) system-harfbuzz system-icu system-jpeg system-libevent system-libvpx system-sqlite -test -wifi" ABI_X86="64" L10N="-ach -af -an -ar -as -ast -az -be -bg -bn-BD -bn-IN -br -bs -ca -cak -cs -cy -da -de -dsb -el en-GB -en-ZA -eo -es-AR -es-CL -es-ES -es-MX -et -eu -fa -ff -fi -fr -fy -ga -gd -gl -gn -gu -he -hi -hr -hsb -hu -hy -id -is -it -ja -kk -km -kn -ko -lij -lt -lv -mai -mk -ml -mr -ms -nb -nl -nn -or -pa -pl -pt-BR -pt-PT -rm -ro -ru -si -sk -sl -son -sq -sr sv -ta -te -th -tr -uk -uz -vi -xh -zh-CN -zh-TW" CFLAGS="-march=native -pipe -ggdb" CXXFLAGS="-march=native -pipe -ggdb" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags -Wl,-z,relro,-z,now"
Me too. My workaround was run command "find . -type f -name old-configure -exec sed -e 's: -pie: -fPIE:' -i {} \;" in firefox-51.0 source tree and then classic ebuild firefox-51.0.ebuild configure, compile .....
*** Bug 607520 has been marked as a duplicate of this bug. ***
This is confirmed here.
Created attachment 461842 [details, diff] Replace '-pie' by '-fPIE' where it matters
(In reply to Another Mortal from comment #9) > Created attachment 461842 [details, diff] [details, diff] > Replace '-pie' by '-fPIE' where it matters I just thought I'd note that with that patch in /etc/portage/patches/www-client/firefox-51.0, the build completes without any issues.
(In reply to Another Mortal from comment #10) > (In reply to Another Mortal from comment #9) > > Created attachment 461842 [details, diff] [details, diff] [details, diff] > > Replace '-pie' by '-fPIE' where it matters > > I just thought I'd note that with that patch > in /etc/portage/patches/www-client/firefox-51.0, > the build completes without any issues. -fPIE is a CFLAG not a linker flag. Your patch might mitigate the problem but it is completely wrong.
Created attachment 461844 [details, diff] pass -fPIE via CFLAGS for the check If someone would please test and report would be appreciated. I would do it but do not feel like downgrading from 6.3.0 which doesn't have this problem.
(In reply to Jory A. Pratt from comment #12) > Created attachment 461844 [details, diff] [details, diff] > pass -fPIE via CFLAGS for the check > > If someone would please test and report would be appreciated. I would do it > but do not feel like downgrading from 6.3.0 which doesn't have this problem. For me (with gcc 5.4.0-r2 on ~amd64) this patch solved the issue in the configure phase, but then produces a new error during compilation: Executing: /usr/bin/x86_64-pc-linux-gnu-g++ -std=gnu++11 -Wall -Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wc++14-compat -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -pipe -march=native -ggdb -fno-exceptions -fno-strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno -pthread -pipe -freorder-blocks -Os -fomit-frame-pointer -fPIC -shared -Wl,-z,defs -Wl,-h,libmozsqlite3.so -o libmozsqlite3.so -lpthread -Wl,-O1 -Wl,--as-needed -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags -Wl,-z,relro,-z,now -Wl,-z,noexecstack -Wl,-z,text -Wl,-rpath-link,/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/dist/bin -Wl,-rpath-link,/usr/lib /var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/config/external/sqlite/tmpvWB_e0.list -Wl,--version-script,libmozsqlite3.so.symbols -ldl /var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/config/external/sqlite/tmpvWB_e0.list: INPUT("../../../db/sqlite3/src/sqlite3.o") /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../../../db/sqlite3/src/sqlite3.o: warning: relocation against `sqlite3_vfs_register' in readonly section `.text' /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../../../db/sqlite3/src/sqlite3.o: relocation R_X86_64_PC32 against symbol `sqlite3_mutex_enter' can not be used when making a shared object; recompile with -fPIC /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Bad value collect2: error: ld returned 1 exit status make[4]: *** [/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/config/rules.mk:802: libmozsqlite3.so] Error 1 make[4]: Leaving directory '/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/config/external/sqlite' make[3]: *** [/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/config/recurse.mk:71: config/external/sqlite/target] Error 2 make[3]: *** Waiting for unfinished jobs....
(In reply to Markus Oehme from comment #13) > (In reply to Jory A. Pratt from comment #12) > > Created attachment 461844 [details, diff] [details, diff] [details, diff] > > pass -fPIE via CFLAGS for the check > > > > If someone would please test and report would be appreciated. I would do it > > but do not feel like downgrading from 6.3.0 which doesn't have this problem. > > For me (with gcc 5.4.0-r2 on ~amd64) this patch solved the issue in the > configure phase, but then produces a new error during compilation: > > Executing: /usr/bin/x86_64-pc-linux-gnu-g++ -std=gnu++11 -Wall > -Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-virtual > -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code > -Wwrite-strings -Wno-invalid-offsetof -Wc++14-compat > -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations > -Wno-error=array-bounds -pipe -march=native -ggdb -fno-exceptions > -fno-strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno -pthread > -pipe -freorder-blocks -Os -fomit-frame-pointer -fPIC -shared -Wl,-z,defs > -Wl,-h,libmozsqlite3.so -o libmozsqlite3.so -lpthread -Wl,-O1 > -Wl,--as-needed -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags > -Wl,-z,relro,-z,now -Wl,-z,noexecstack -Wl,-z,text > -Wl,-rpath-link,/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ > ff/dist/bin -Wl,-rpath-link,/usr/lib > /var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/config/ > external/sqlite/tmpvWB_e0.list -Wl,--version-script,libmozsqlite3.so.symbols > -ldl > /var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/config/ > external/sqlite/tmpvWB_e0.list: > INPUT("../../../db/sqlite3/src/sqlite3.o") > > /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ > ld: ../../../db/sqlite3/src/sqlite3.o: warning: relocation against > `sqlite3_vfs_register' in readonly section `.text' > /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ > ld: ../../../db/sqlite3/src/sqlite3.o: relocation R_X86_64_PC32 against > symbol `sqlite3_mutex_enter' can not be used when making a shared object; > recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/../../../../x86_64-pc-linux-gnu/bin/ > ld: final link failed: Bad value > collect2: error: ld returned 1 exit status > make[4]: *** > [/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/config/rules.mk: > 802: libmozsqlite3.so] Error 1 > make[4]: Leaving directory > '/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/ff/config/ > external/sqlite' > make[3]: *** > [/var/tmp/portage/www-client/firefox-51.0/work/firefox-51.0/config/recurse. > mk:71: config/external/sqlite/target] Error 2 > make[3]: *** Waiting for unfinished jobs.... If you would attach the build.log please.
Created attachment 461872 [details, diff] Fully tested and working PIE check I am gonna land this patch in tree, I will close bug reports soon as I hear a few more success stories.
> Created attachment 461872 [details, diff] [details, diff] > Fully tested and working PIE check > > I am gonna land this patch in tree, I will close bug reports soon as I hear > a few more success stories. I have successfully built Firefox with the provided patch http://i.imgur.com/gHieqEr.png
(In reply to Jory A. Pratt from comment #15) > Created attachment 461872 [details, diff] [details, diff] > Fully tested and working PIE check > > I am gonna land this patch in tree, I will close bug reports soon as I hear > a few more success stories. Thanks, works for me as well.
Created attachment 461892 [details] build log (with patch applied) Here is the full build log with the patch applied and an error during the compilation phase.
Jory, it worked for me.
(In reply to Markus Oehme from comment #18) > Created attachment 461892 [details] > build log (with patch applied) > > Here is the full build log with the patch applied and an error during the > compilation phase. Markus, your build log has date: 20170129-172345 while the patch was applied later (yes you can be in another TZ). Also, your log contains pie.patch from /etc/portage instead of the patch provided by Jory as fix_hardened_pie_detection.patch. Are you sure you have the problem with the updated system?
(In reply to Agostino Sarubbo from comment #20) > (In reply to Markus Oehme from comment #18) > > Created attachment 461892 [details] > > build log (with patch applied) > > > > Here is the full build log with the patch applied and an error during the > > compilation phase. > > Markus, > > your build log has date: 20170129-172345 while the patch was applied later > (yes you can be in another TZ). > Also, your log contains pie.patch from /etc/portage instead of the patch > provided by Jory as fix_hardened_pie_detection.patch. > > Are you sure you have the problem with the updated system? The name of the patch got mangled on the way. I'm now retesting it with the new version from tree.
Comment on attachment 461892 [details] build log (with patch applied) (In reply to Markus Oehme from comment #21) > I'm now retesting it with the new version from tree. I'm confused. The version from tree worked fine, but it should have been the same as the previous go. But I'm not complaining, that the problem is gone. ;)
Thanks for all the feedback.
Had the same problem on hardened, but my fix was disabling CONFIG_PAX_MPROTECT in kernel config.
(In reply to Horst Prote from comment #24) > Had the same problem on hardened, but my fix was disabling > CONFIG_PAX_MPROTECT in kernel config. Arggh! Typo: I disabled CONFIG_PAX_MPROTECT_COMPAT and left CONFIG_PAX_MPROTECT active. # zgrep MPROTECT /proc/config.gz CONFIG_PAX_MPROTECT=y # CONFIG_PAX_MPROTECT_COMPAT is not set